Setting
Up

This topic describes preliminary steps, such as creating an AWS account, to prepare
you to
use AWS WAF, AWS Firewall Manager, and AWS Shield Advanced. You are not charged
to set up this account and other preliminary
items. You are charged only for AWS services that you use.

Part of the sign-up procedure involves receiving a phone call and entering a
PIN using the phone keypad.

Note your AWS account number, because you'll need it for the next task.

Step 2: Create an IAM User

To use the AWS WAF console, you must sign in to confirm that you have permission to
perform AWS WAF operations. You can use the root credentials for your AWS account,
but
we don't recommend it. For greater security and control of your account, we recommend
that you use AWS Identity and Access Management (IAM) to do the following:

Create an IAM user account for yourself or your business.

Either add the IAM user account to an IAM group that has administrative permissions,
or grant administrative permissions directly to the IAM user account.

You then can sign in to the AWS WAF console (and other service consoles) by using
a special
URL and the credentials for the IAM user. You also can add other users to the IAM
user account, and control their level of access to AWS services and to your
resources.

If you signed up for AWS but have not created an IAM user for yourself, you can
create one using the IAM console. If you aren't familiar with using the console,
see
Working with the AWS Management Console for an overview.

To create an IAM user for yourself and add the user to an Administrators group

We strongly recommend that you adhere to the best practice of using the Administrator IAM user below and securely lock away the root user credentials. Sign in as the root
user only to perform a few account and service management tasks.

In the navigation pane of the console, choose Users, and then choose Add
user.

For User name, type Administrator.

Select the check box next to AWS Management Console access, select Custom
password, and then type the new user's password in the text box. You can
optionally select Require password reset to force the user to create a new
password the next time the user signs in.

In the policy list, select the check box for AdministratorAccess. Then choose Create group.

Back in the list of groups, select the check box for your new group. Choose Refresh if necessary to see the group in the list.

Choose Next: Tags to add metadata to the user by attaching tags as key-value pairs.

Choose Next: Review to see the list of group memberships to be added to the new user. When you are ready
to proceed, choose Create user.

You can use this same process
to create more groups and users, and to give your users access to your AWS account
resources.
To learn about using policies to restrict users' permissions to specific AWS resources,
go
to Access Management and
Example Policies.

To sign in as this new IAM user, first sign out of the AWS console. Then use the
following URL, where your_aws_account_id is your AWS account
number without the hyphens. For example, if your AWS account number is
1234-5678-9012, your AWS account ID is
123456789012:

https://your_aws_account_id.signin.aws.amazon.com/console/

Enter the IAM user name and password that you just created. When you're signed in,
the navigation bar displays "your_user_name @
your_aws_account_id".

If you don't want the URL for your sign-in page to contain your AWS account ID, you
can create an account alias. From the IAM dashboard, choose
Customize and enter an alias, such as your company name. To
sign in after you create an account alias, use the following URL:

https://your_account_alias.signin.aws.amazon.com/console/

To verify the sign-in link for IAM users for your account, open the IAM console
and check under the IAM users sign-in link on the dashboard.

After you complete these steps, you can stop here and go to Getting Started with AWS WAF to continue getting started with AWS WAF using the
console. If you want to access AWS WAF programmatically using the AWS WAF API,
continue on
to the next step, Step 3: Download Tools.

Step 3: Download Tools

The AWS Management Console includes a console for AWS WAF, but if you want to access
AWS WAF
programmatically, the following documentation and tools will help you:

If you want to call the AWS WAF API without having to handle low-level details like
assembling raw HTTP requests, you can use an AWS SDK. The AWS SDKs provide
functions and data types that encapsulate the functionality of AWS WAF and other
AWS services. To download an AWS SDK, see the applicable page, which also
includes prerequisites and installation instructions:

If you're using a programming language for which AWS doesn't provide an SDK,
the AWS WAF API Reference documents the operations
that AWS WAF supports.

The AWS Command Line Interface (AWS CLI) supports AWS WAF. The AWS CLI lets you control
multiple AWS services
from the command line and automate them through scripts. For more information,
see AWS Command Line Interface.